Andrew Orr's photo

Andrew Orr

Since 2015 Andrew has been writing about Apple, privacy, security, and at one point even Android. You can find him most places online under the username @andrewornot.

Get In Touch:

Twitter 'Super Follows' is Now Available for All iPhone Users

Super Follows is a new Twitter feature that lets creators make money through subscriptions. It has now rolled out to all iPhone users.

The feature launched in September after first being announced in February. Super Follows are another tool for creators to earn money through the social media platform. Eligible accounts are able to set the price for Super Follow subscriptions, with the option of charging $2.99, $4.99 or $9.99 per month. Creators can choose to mark some tweets for subscribers only while continuing to reach their unpaid follower base in regular tweets.

Blockchains Aren't as Private as You Think, But They Could Be

Cybersecurity expert Mashael Al Sabah was recently featured on MIT’s Business Lab podcast. She talks about privacy issues with blockchain technology and how they can be fixed. You can listen to the podcast with the link below (direct link on Apple Podcasts), and.or read the podcast transcript.

A lot of people think that they are completely anonymous when they use Bitcoin, and this gives them a false sense of security. In our research, what we did is that we crawled social media, like there’s popular forum for Bitcoin users called Bitcointalk.org, and we crawled Twitter as well for Bitcoin addresses that users attributed to themselves. In some forums, people share their Bitcoin addressees along with their profile information. So, now you have the public profile information, which includes usernames, emails, age, gender, city.

Kandji Announces 'Passport' for Secure Mac Authentication

Kandji has announced the release of Passport, an authentication product that creates a seamless, one-password sign-in experience for users.

Kandji Passport validates the credentials a user provides during Mac login against an organization’s cloud-based identity provider (IdP), so users need to remember just one password for both their Mac computers and the organization’s single sign-on (SSO) provider. Passport provides a native Mac login experience while streamlining device configuration, management, and security tasks for IT admins.

(Update) Medical AI Company 'Deep6' Leaks 68 GB Trove of Patient Records

Security researcher Jeremiah Fowler together with the WebsitePlanet research team found an unprotected database belonging to Deep6. The records appear to contain data of those based in the United States.

Update: Deep6 reached out and said the news is misleading, saying “In August, a security researcher accessed a test environment that contained dummy data from MIT’s Medical Information Mart of Intensive Care (MIMIC) system, an industry standard source for de-identified health-related test data. To confirm, no real patient data or records were included in this ephemeral test environment, and it was completely isolated from our production systems.”

Meanwhile, according to WebsitePlanet, Mr. Fowler said, “I sent 3 follow up emails on Aug 11, Aug 12, Aug 23. No one has ever replied since the first message on Aug 10th. I validated that the doctor’s names were real individuals by searching obscure names (see screenshot). This is highly unusual in my experience to use real individuals’ data in a ‘dummy environment’ under any circumstances. Because no one replied, we added our disclaimer that we are highlighting that no patient data appeared in plain text, the records were “medical related”, and we never implied any wrongdoing or risk.”

'Data Jar' App For Shortcuts Has Arrived on macOS Monterey

Data Jar is a Shortcuts-adjacent app that lets you store data for use in a shortcut as persistent key-value pairs. You can store text, numbers, booleans, lists, dictionaries, and files. This lets you read and update data directly from Shortcuts. As an example of how I use Data Jar, I have a shortcut that lets me rename a bunch of files at once. Some files are renamed sequentially and Data Jar helps me store the latest number for the files, and it gets updated with every new file I rename with it. It’s a great app, free for Mac and I personally recommend giving a big tip to the developer if you find Data Jar useful.

How Well Do the M1 Pro and M1 Pro Max Chips Handle Games?

Apple said that its latest chips, the M1 Pro | Pro Max are great for content creators like developers and photographers. What about gamers?

All games were run at a full-HD-equivalent resolution (1,920 by 1,200 pixels) because the two new MacBook Pros have differing native display resolutions. (Testing at each laptop’s native resolution would have rendered the scores non-comparable.)

Dental Data Breach Affects 125,000 Patients in 10 States

North American Dental Management suffered a data breach between March 31 and April 1, 2021. It happened as the result of phishing. This group provides administrative and technical support services for Professional Dental Alliance (PDA) offices.

PDA said that it had not found any evidence of any actual misuse of personal information and that its investigation of the matter indicates that the attack was limited to email credential harvesting.

The threat actor did not access PDA’s patient electronic dental record or dental images; however, the Alliance found that some sensitive personal information may have been present in the compromised email accounts.

The breach was reported to the DHS’s Office for Civil Rights, impacting 125,760 patients in Connecticut, Florida, Georgia, Illinois, Indiana, Massachusetts, Michigan, New York, Texas and Tennessee.

Polygon Blockchain Fixes Double Spend Bug Reported From Bug Bounty

Security researcher Gerhard Wagner found a double-spend bug in Polygon’s Plasma bridge. The company awarded Mr. Wagner a record US$2 million for reporting this critical vulnerability.

In total, it is possible to create 14×16 = 224 different encodings for the same raw path. A malicious user can leverage the issue to create alternative exits for the same burn transaction and perform double spends on the Polygon network.

Elcomsoft Can Now Download iCloud Data With Trusted Device Authentication

Elcomsoft has announced an update to its Phone Breaker, a forensic tool used to extract data from iPhones. A trusted iOS device can now be used to authenticate into iCloud. This will let the tool decrypt data protected by end-to-end encryption.

By using a trusted device, experts benefit from unrestricted access to all kinds of information stored in the user’s iCloud account including cloud backups produced by all Apple devices sharing the same Apple ID, photos, synchronized data, as well as end-to-end encrypted data such as the user’s passwords, browsing history, and health information.

Adobe's Behance Platform Adds Support for NFT Art

Behance, a portfolio platform for graphic designers, will let creators connect their crypto wallet to showcase NFT art.

The company is working to include blockchains like Polygon, Solana, Flow and Tezos. It is also partnering with NFT marketplaces like OpenSea, SuperRare, KnownOrigin, and Rarible to display provenance data from the Content Authenticity Initiative — which is now built into a number of Creative Cloud tools — visible on their sites, in addition to Behance.

WIN an iPhone 16 Pro Max!